Open
Description
openedon Feb 17, 2023
- Package Name: @azure/communication-calling
- Package Version: 1.6.3
- Operating system: Ubuntu Linux 22.10
- browser: Chrome 109.0.5414.119
Describe the bug
Basically this is a 'reopen' of the following bug: Azure/Communication#384
The communication-calling library still requires allowing script-src: unsafe-eval for a CSP policy.
Further it would be nice, when all required CSP policies are documented somewhere and we don't need to try-and-error during development.
Expected behavior
The library (and any dependencies of it) should not require 'unsafe-eval'.
Additional context
Exact error message is:
Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). [sdk.bundle.js:92:172540](https://partner.bsi-software.com/nightly/bsicrm_23_1/@azure/communication-calling/dist/sdk.bundle.js)
Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). [sdk.bundle.js:109:588840](https://partner.bsi-software.com/nightly/bsicrm_23_1/@azure/communication-calling/dist/sdk.bundle.js)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Metadata
Labels
This issue points to a problem in the data-plane of the library.Workflow: This issue is responsible by Azure service team.This issue requires a change to an existing behavior in the product in order to be resolved.Issues that are reported by GitHub users external to the Azure organization.Workflow: This issue needs attention from Azure service team or SDK team